cpe:/a:cisco:evolved_programmable_network_manager:1.2.0 cpe:/a:cisco:evolved_programmable_network_manager:1.2.1.3 cpe:/a:cisco:evolved_programmable_network_manager:1.2.200 cpe:/a:cisco:evolved_programmable_network_manager:1.2.300 cpe:/a:cisco:prime_infrastructure:1.2.0 cpe:/a:cisco:prime_infrastructure:1.2.0.103 cpe:/a:cisco:prime_infrastructure:1.2.1 cpe:/a:cisco:prime_infrastructure:1.3.0 cpe:/a:cisco:prime_infrastructure:1.3.0.20 cpe:/a:cisco:prime_infrastructure:1.4.0 cpe:/a:cisco:prime_infrastructure:1.4.0.45 cpe:/a:cisco:prime_infrastructure:1.4.1 cpe:/a:cisco:prime_infrastructure:1.4.2 cpe:/a:cisco:prime_infrastructure:2.0.0 cpe:/a:cisco:prime_infrastructure:2.1.0 cpe:/a:cisco:prime_infrastructure:2.2%282%29 cpe:/a:cisco:prime_infrastructure:2.2.0 cpe:/a:cisco:prime_infrastructure:3.0.0 cpe:/a:cisco:prime_infrastructure:3.0_base CVE-2016-1406 2016-05-24T21:59:09.757-04:00 2016-11-30T22:05:35.353-05:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2016-05-25T10:36:56.310-04:00 SECTRACK 1035948 CISCO 20160523 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.